mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00

java_cert: add cert_content argument (#8153)

* add cert_content arg (#8034)

* add changelog fragment (#8034)

* Update plugins/modules/java_cert.py

Co-authored-by: Felix Fontein <felix@fontein.de>

---------

Co-authored-by: Felix Fontein <felix@fontein.de>
Denis Borisov 2024-04-21 15:56:01 +03:00 committed by GitHub
parent a05a5982a6
commit 8f98ba9119
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 33 additions and 6 deletions


@ -0,0 +1,2 @@
minor_changes:
- java_cert - add ``cert_content`` argument (https://github.com/ansible-collections/community.general/pull/8153).


@ -28,7 +28,7 @@ options:
cert_url: cert_url:
description: description:
- Basic URL to fetch SSL certificate from. - Basic URL to fetch SSL certificate from.
- Exactly one of O(cert_url), O(cert_path), or O(pkcs12_path) is required to load certificate. - Exactly one of O(cert_url), O(cert_path), O(cert_content), or O(pkcs12_path) is required to load certificate.
type: str type: str
cert_port: cert_port:
description: description:
@ -39,8 +39,14 @@ options:
cert_path: cert_path:
description: description:
- Local path to load certificate from. - Local path to load certificate from.
- Exactly one of O(cert_url), O(cert_path), or O(pkcs12_path) is required to load certificate. - Exactly one of O(cert_url), O(cert_path), O(cert_content), or O(pkcs12_path) is required to load certificate.
type: path type: path
cert_content:
description:
- Content of the certificate used to create the keystore.
- Exactly one of O(cert_url), O(cert_path), O(cert_content), or O(pkcs12_path) is required to load certificate.
type: str
version_added: 8.6.0
cert_alias: cert_alias:
description: description:
- Imported certificate alias. - Imported certificate alias.
@ -55,10 +61,10 @@ options:
pkcs12_path: pkcs12_path:
description: description:
- Local path to load PKCS12 keystore from. - Local path to load PKCS12 keystore from.
- Unlike O(cert_url) and O(cert_path), the PKCS12 keystore embeds the private key matching - Unlike O(cert_url), O(cert_path) and O(cert_content), the PKCS12 keystore embeds the private key matching
the certificate, and is used to import both the certificate and its private key into the the certificate, and is used to import both the certificate and its private key into the
java keystore. java keystore.
- Exactly one of O(cert_url), O(cert_path), or O(pkcs12_path) is required to load certificate. - Exactly one of O(cert_url), O(cert_path), O(cert_content), or O(pkcs12_path) is required to load certificate.
type: path type: path
pkcs12_password: pkcs12_password:
description: description:
@ -149,6 +155,19 @@ EXAMPLES = r'''
cert_alias: LE_RootCA cert_alias: LE_RootCA
trust_cacert: true trust_cacert: true
- name: Import trusted CA from the SSL certificate stored in the cert_content variable
community.general.java_cert:
cert_content: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
keystore_path: /tmp/cacerts
keystore_pass: changeit
keystore_create: true
state: present
cert_alias: LE_RootCA
trust_cacert: true
- name: Import SSL certificate from google.com to a keystore, create it if it doesn't exist - name: Import SSL certificate from google.com to a keystore, create it if it doesn't exist
community.general.java_cert: community.general.java_cert:
cert_url: google.com cert_url: google.com
@ -487,6 +506,7 @@ def main():
argument_spec = dict( argument_spec = dict(
cert_url=dict(type='str'), cert_url=dict(type='str'),
cert_path=dict(type='path'), cert_path=dict(type='path'),
cert_content=dict(type='str'),
pkcs12_path=dict(type='path'), pkcs12_path=dict(type='path'),
pkcs12_password=dict(type='str', no_log=True), pkcs12_password=dict(type='str', no_log=True),
pkcs12_alias=dict(type='str'), pkcs12_alias=dict(type='str'),
@ -503,11 +523,11 @@ def main():
module = AnsibleModule( module = AnsibleModule(
argument_spec=argument_spec, argument_spec=argument_spec,
required_if=[['state', 'present', ('cert_path', 'cert_url', 'pkcs12_path'), True], required_if=[['state', 'present', ('cert_path', 'cert_url', 'cert_content', 'pkcs12_path'), True],
['state', 'absent', ('cert_url', 'cert_alias'), True]], ['state', 'absent', ('cert_url', 'cert_alias'), True]],
required_together=[['keystore_path', 'keystore_pass']], required_together=[['keystore_path', 'keystore_pass']],
mutually_exclusive=[ mutually_exclusive=[
['cert_url', 'cert_path', 'pkcs12_path'] ['cert_url', 'cert_path', 'cert_content', 'pkcs12_path']
], ],
supports_check_mode=True, supports_check_mode=True,
add_file_common_args=True, add_file_common_args=True,
@ -515,6 +535,7 @@ def main():
url = module.params.get('cert_url') url = module.params.get('cert_url')
path = module.params.get('cert_path') path = module.params.get('cert_path')
content = module.params.get('cert_content')
port = module.params.get('cert_port') port = module.params.get('cert_port')
pkcs12_path = module.params.get('pkcs12_path') pkcs12_path = module.params.get('pkcs12_path')
@ -582,6 +603,10 @@ def main():
# certificate to stdout so we don't need to do any transformations. # certificate to stdout so we don't need to do any transformations.
new_certificate = path new_certificate = path
elif content:
with open(new_certificate, "w") as f:
f.write(content)
elif url: elif url:
# Getting the X509 digest from a URL is the same as from a path, we just have # Getting the X509 digest from a URL is the same as from a path, we just have
# to download the cert first # to download the cert first
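Review bot: The new `elif content:` branch in main() writes the value to `new_certificate` without any check. An empty `cert_content` (for example a variable that templates to an empty string) presumably satisfies the `required_if` presence test yet skips this branch, and what main() does after that lies outside the hunk. Because this text can end up in a trust store with `trust_cacert: true`, I would branch on `elif content is not None:` and reject input without a PEM block before writing, e.g. `if '-----BEGIN CERTIFICATE-----' not in content: module.fail_json(msg='cert_content does not contain a PEM certificate')`. Where `new_certificate` is created is not visible here, so confirm it is a module-owned temporary file with restrictive permissions and not a predictable shared path. The `cert_content` option description could also say that PEM text is expected, as the example suggests.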